EMINENCE VSP Talk to the architect

The Salesforce partner built for banking — lending journeys live this quarter, not eighteen-month programmes.

LinkedInEmail
Industries
Company
CIB · GOVERNANCE· 6 min read · by Srinivasa, Founder & Architect · published Nov 2025, updated Jun 2026

Information barriers on Salesforce: platform rules, not etiquette

Need-to-know enforced by access control survives an audit. Need-to-know enforced by good intentions doesn't.

Etiquette versus architecture

Every investment bank has information barriers. The question an audit asks is what they're made of. In many firms the honest answer is etiquette: training, attestations, and the assumption that people don't open what they shouldn't. That survives until the first time someone does — and then the firm discovers that "we told people not to" is not a control, it's a hope with a paper trail.

On a properly architected platform, the wall is not advice. It is the sharing model — and the sharing model does not have lapses of judgement.

Walls as platform rules

Need-to-know is a sharing rule. Compliant Data Sharing expresses who may see a deal as access architecture — enforced on every record, every report, every API call, every AI agent.
Least privilege is the default. A new deal is visible to its team and nobody else. Visibility is granted, recorded and reasoned — never assumed.
Wall-crossing is an event. Bringing someone over the wall is a recorded approval with a scope and an expiry — not an email and a calendar entry.
You can prove the negative. The trail shows not only who accessed a deal, but who could not have — the answer that actually ends a regulatory inquiry.

A wall-crossing, end to end

RequestA sector analyst needs sight of a live mandate. The request states the deal, the reason and the duration — on the record.
ApprovalCompliance approves in the workflow. The approval, the approver and the scope are now data.
AccessSharing opens for that person, that deal, that window. Nothing else changes.
ExpiryAccess revokes itself on the date set. The full episode — grant to revocation — is one query in the audit trail.
A wall you have to remember isn't a wall.

The tooling around the wall keeps improving: Salesforce Shield now offers unified security management and guided compliance configuration, which makes encryption, event monitoring and field audit trails — the wall’s instrumentation — considerably less painful to run. The architecture is the control; Shield is how you prove it operated.

The honest caveat

Platform rules don't replace the compliance function — they give it teeth. Conduct, conflicts judgement and the decision to approve a crossing remain human. What the architecture removes is the gap between the decision and its enforcement: once compliance says no, there is no quiet way around it.

Three questions for your control room

What is your wall made of — policy or permissions? Read the last audit finding before answering.
Can you list everyone who crossed a wall last quarter? With approvals, scopes and expiry dates?
Could you prove who couldn't see a deal? That's the question that ends an inquiry in an afternoon.

How Eminence VSP helps

We design information barriers on Salesforce as architecture: Compliant Data Sharing for need-to-know, wall-crossings as governed records, and Shield instrumentation your control room can stand behind in an audit. See Corporate & Investment Banking or talk to the architect.

S.
Srinivasa
Founder & Architect, Eminence VSP — the person who scopes and delivers these builds.
Share on LinkedIn →
Keep reading

More straight answers.

AI · AGENTS

Agentforce for banking in 2026: what’s actually ready, and what to deploy first

Read the article →
AI · DATA

What is Data 360 for banks? The intelligence layer under your agents, explained

Read the article →
AI · GOVERNANCE

AI agent auditability in banking: answering “how did the agent decide?”

Read the article →

Let’s talk.

One conversation with the architect — and a clear view of what your bank could ship next quarter.

Talk to the architect